RBI Booklet on Financial Frauds

RBI has issued an informative booklet for the public on the modus operandi of different financial frauds.

The publication would be useful to the general public.

A copy of the publication is available here


Expanding the Scope of PDPB 2019 to Non Personal Data is dysfunctional

Yesterday, the newspaper The Hindu reported that it expects “More delays on Data Protection Bill as panel reopens debate”.

The report was based on the fact that the JPC under the new Chairman Mr P P Choudhary has convened two sittings on September 15th and 16th with the agenda “Comparison between The Personal Data Protection Bill, 2019 as introduced in the Parliament, as discussed in the Joint Committee and the suggestions for amendment by the Chairperson, Joint Committee.”

According to the newspaper, two key amendments are being proposed, namely:

    1. Expanding the scope of the Data Protection Authority to cover personal as well as non personal data
    2. Expanding the scope of “Data Breach Notification” from “Personal Data Breach notification” to even “Non Personal Data Breach”.

Accordingly, the newspaper predicts that there will be objections from the committee members and demands for more detailed discussion, leading to further delay in the passage of the Bill.

It is understood that if the Government does not want to pass the Bill, then it can be delayed and anything can be used as an excuse. On the other hand if the Government wants to pass the Bill, it can pass it despite the opposition.

However, there was perhaps a technical gap in the process earlier: after the earlier discussions and corrections, the Bill was not re-presented in its final corrected form to the JPC for its final approval but was presented directly to the Speaker of the Lok Sabha. Perhaps this needed a correction, and a meeting was required for this purpose before the presentation of the Bill in Parliament in the next session as per the commitment of the Government. We presume that the JPC meeting on September 15th and 16th is required for this purpose.

As regards the two amendments suggested in the report of The Hindu, which may also be only a speculative report, our views are as under.

The Personal Data Protection Act needs to co-exist with the current ITA 2000 and the proposed Non Personal Data Governance Act. It is a legislation which is prompted by the Puttaswamy judgment and meant to focus on the protection of Privacy as per the Constitution through a data protection legislation that addresses the “Information Privacy Issue”.

The main objective of this legislation is to provide that the data principal should be able to exercise his choice regarding collection, use and disclosure of personal information. It is enforced on those organizations which collect and process the personal data in India.

While PDPB2019 absorbs Section 43A of ITA 2000, it is not a legislation to replace ITA 2000. ITA 2000 has a mandate to define and manage Cyber Crimes which are data related crimes without a distinction of whether the data is personal or non personal.

Presently, ITA 2000 has civil and criminal provisions and victims of data related crimes can approach the Adjudicator for compensation for losses suffered as per Section 46 of Chapter IX of ITA 2000. The Police can prosecute persons for the offences indicated in Chapter XI of ITA 2000.

The PDPB2019 adds the dimension of administrative penalty which was not the subject matter of “Adjudication” under ITA 2000. At the same time, PDPB 2019 does not address the offences under Chapter XI.

However, overlap between ITA 2000 and PDPB 2019 may occur because of:

    1. Section 43, which has the potential for being extended into personal data related crimes.
    2. PDPB 2019, in addition to retaining the power to levy administrative penalty on the data fiduciaries, also retains the power to provide compensation to the data principal. This could be an overlap with the power of the Adjudicator under ITA 2000.

Given the general reluctance of IT Secretaries (adjudicators under ITA 2000) to adjudicate on cyber crime cases, they may be happy to pass on the responsibility to the Adjudicator under the DPA, and hence the overlapping jurisdiction of the two adjudicators may not affect the enforcement. If, however, there are multiple forums available in a few cases, it can be handled as we presently handle cyber crimes with the adjudicator as well as the consumer court etc.

The “Non Personal Data Governance Act” is yet to be drafted and even when it comes into existence, it is not expected to interfere with ITA 2000 in terms of offences. This Act is meant to be for “Establishing a structure for Governance of Non Personal Data” and the protection aspects can continue to be addressed by the ITA 2000.

PDPB 2019 defines what is “Personal Data”, and whatever is not personal data automatically falls into the purview of Governance under the Non Personal Data Governance Act (when it comes into existence) and the purview of protection as per the ITA 2000.

There is no need for PDPB 2019 to extend the authority of the Personal Data Protection Authority under the PDPB 2019 to the domain of Non Personal Data Governance or Protection. It is enough if the PDPB 2019 defines Personal data so that the boundary between Personal Data and Non Personal data is defined through either “Anonymization” or because the data itself does not contain any personally identifiable element.

If PDPB 2019 tries to extend the scope of the authority of DPA to Non Personal Data or extend the Data Breach definition to Non Personal Data, there will be a needless interference with the activities of the CERT-In which is a quasi judicial authority under ITA 2000 and is the authority designated to receive data breach reports.

Any move to extend the definition of “Data Breach” under PDPB 2019 to Non Personal Data Breach will bring lakhs of cyber offences to the table of the DPA. Data breaches may occur due to viruses in computers or mobiles, through negligence or malicious attacks, or even technical failures.

If all these data breaches land at the desk of DPA, it will paralyze the functioning of the DPA.

Hence the move to enhance the scope of PDPB2019 to Non Personal Data, if it is true, is avoidable.

Naavi

Be an FDPPI-DNV certified Data Privacy Auditor

Registration now open. Course to commence from October 3, 2021

Feedback from a participant of the previous program:

What was unique about this training and certification was the depth of coverage. With Naavi Sir being an expert in ITA 2000/08, he was able to bring in the required relevance and he was able to quote on specific cases and how ITA 2000/08 by itself includes data privacy requirements. His references to the HC judgements on matters of Personal Data Protection emphasized the importance. The content and teaching were well rounded and inclusive of surrounding aspects that perhaps one cannot expect in more mundane training programmes. The content presented by Ramesh Sir was very very elaborate on GDPR and all encompassing …. the discussions and points made by Naavi Sir while clarifying our doubts were themselves like a separate training session with valuable insights conveyed which he had gathered over the years …. overall it was a very enriching imparting of knowledge…. K.N.NarasingaRao, (Consultant, ICT at IIMB Bengaluru)

Naavi


BSNL Fiber is a pain

BSNL is a public sector company and many of us want to encourage it. But there is a limit to which the inefficiency of BSNL may be tolerated.

I have installed the BSNL Fiber connectivity by converting my existing land line connection to the fiber connection.

Unfortunately the service is so problematic that I need to consider cancelling my subscription.

In the meantime there have been some press statements that BSNL wants to convert all its copper lines to fiber. If this is done, there could be more problems for commuters and hence I draw the attention of the Telecom ministry to look into the matter immediately.

Firstly, whenever fiber connectivity is down, which is quite often, the regular telephone line also becomes inaccessible. Hence those who depend on the telephone line for voice calls are blocked out of voice connectivity.

Secondly, BSNL connectivity interjects advertisements when we try to connect to a website. An example is the picture below where I have tried to connect to www.pdpa2019.in through my browser and I am directed to this advertisement page.

These advertisement intrusions are unwanted and are potential sources for virus introduction. If one looks at this picture, it appears as if the advertisement is appearing on the website of www.pdpa2019.in, whereas it is introduced by BSNL before opening the target website and as an “Impersonation” of the advertisement beneficiary.

This is an offence which can be brought under ITA 2000 and other laws and the concerned technical persons of BSNL may be criminally charged.

The customer service itself is being handled by outsourced agencies and, despite their best efforts, falls short of the requirement.

Also, Jio Fiber is using underground cabling with dual cable connectivity, and overhead cabling is only from a nearby pole. This reduces the risks of cable cut due to natural and other reasons.

I hope BSNL tries to improve its services as the fiber service was one of the best opportunities for it to turn around the organization and if it fails this time, then this could be the end of BSNL.

Naavi

PRESS RELEASE-PDPSI WEBINAR

5th September 2021

PRESS RELEASE

FDPPI Proposes a New Data Privacy Compliance Framework

Foundation of Data Protection Professionals in India (FDPPI) is organizing a free webinar on 19th September 2021, to build awareness on a unique Data Protection Compliance framework that can help the data processing industry in India to meet the Data Privacy obligations under the current Data Protection regulations applicable to Indian establishments.

The framework called “Personal Data Protection Standard of India” (PDPSI) is a unified framework that can assist a company to be compliant with the data protection requirements under Information Technology Act 2000, the proposed Personal Data Protection Bill 2019 (PDPB 2019) as well as GDPR and other international data protection regulations that may be applicable to Indian establishments.

PDPSI is a revolutionary concept “Made in India for the World” and incorporates several innovative futuristic ideas such as computation of “Data Trust Score” (DTS) and incorporating Data Valuation System in corporate Governance.

FDPPI has already developed a team of trained Auditors and Consultants and also created a group of Certification bodies which can undertake Consultancy and Audit based on the PDPSI framework and certify them for the Management.

When the PDPB 2019 is passed, the Government of India will set up a Data Protection Authority which will introduce codes of practice for industries to follow. PDPSI is an advance proactive initiative from the industry professionals to develop a system of compliance in tune with the global standards and flexible enough to meet the emerging requirements of PDPB 2019 when passed.

The webinar will be conducted by Naavi, the veteran Data Protection and Governance consultant, founder of www.naavi.org and Founder Chairman of FDPPI. During the webinar, Naavi will introduce the Standard and its implementation specifications with comparison of similar frameworks available from other agencies.

The webinar is sponsored by FDPPI for the benefit of Data Protection professionals in India to spread awareness of this framework. Registration would be free. The webinar would be conducted on September 19, 2021 (Sunday) from 11.00 am to 1.00 pm. Entry by registration at www.fdppi.in or through e-mail fdppi@fdppi.in

Sd

Chairman

FDPPI


Come over…Let’s Discuss PDPSI

We at FDPPI think that PDPSI is a useful framework that can assist the Indian Data Fiduciaries to be compliant to multiple data protection laws.

But what matters is not what we think…but what you think…

It is possible that for many of you, PDPSI is a new term and you have not had an opportunity to study what it is and how it compares to IS 17428 etc.

Now there is an opportunity to discuss this. Block your calendar today for September 19th, 11.00 am. Let’s meet and discuss.

Naavi